Vulnerability Details CVE-2019-13988
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.1%
CVSS Severity
CVSS v3 Score 6.5
References
- https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx
- https://www.sierrawireless.com/company/security/
- https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx
- https://www.sierrawireless.com/company/security/
Products affected by CVE-2019-13988
-
cpe:2.3:h:sierrawireless:airlink_mg90:-
-
cpe:2.3:h:sierrawireless:airlink_omg2000:-
-
cpe:2.3:o:sierrawireless:mgos:-
-
cpe:2.3:o:sierrawireless:mgos:3.15.1
-
cpe:2.3:o:sierrawireless:mgos:3.15.2
-
cpe:2.3:o:sierrawireless:mgos:4.0.3
-
cpe:2.3:o:sierrawireless:mgos:4.0.4
-
cpe:2.3:o:sierrawireless:mgos:4.0.5
-
cpe:2.3:o:sierrawireless:mgos:4.1
-
cpe:2.3:o:sierrawireless:mgos:4.1.2
-
cpe:2.3:o:sierrawireless:mgos:4.1.2.2
-
cpe:2.3:o:sierrawireless:mgos:4.2
-
cpe:2.3:o:sierrawireless:mgos:4.2.0.2
-
cpe:2.3:o:sierrawireless:mgos:4.2.1
-
cpe:2.3:o:sierrawireless:mgos:4.2.2
-
cpe:2.3:o:sierrawireless:mgos:4.2.3